US District Court
District of New Mexico
W3C XML-DSig '99 Position Paper
The US District Court, District of New Mexico was perhaps the first court directly
connected to the Internet, and our initial pilot demonstrated the feasibility of secure
Internet electronic filing in 1994. It included a firewall, digital signatures, and
encryption. We have had live electronic filing since 1997. We are currently working on a
pilot (XCI - XML Court Interface)
to define an XML protocol for delivering filings securely over the Internet, as well as
other exchanges of court and attorney information. Digital signatures will be required for
authentication of attorneys and delivery agents. In addition, as a member of the XML for
legal documents discussion group Leg-XML
hosted by GSU, I have been tasked with recommending a method for XML digital signatures.
At the XMLDSIG BOF held in Minneapolis in March, it was decided that IETF should wait
for the outcome of this W3C workshop before deciding whether to form a work group. As a
representative of the legal community, I would like to encourage the two organizations to
arrive at a common standard. Signatures are a critical part of legal documents, and
authentication software shouldn't have to be developed for multiple standards.
I am interested in the two IETF digital signature proposals, the Richard Brown draft
and the Kent Davidson draft (the second is based on the first). I am also interested in
the Hirosi Maruyama draft for DOMHASH.
Position
The position taken is contingent on equivalent or better solutions to the problems
being addressed, and further enlightenment gained from participation in the standards
building process. Many of these points are taken from the papers mentioned above, and
apply to projected requirements for legal documents.
- Our interest in signed XML is more general than RDF, and potentially includes any
document related to the legal industry.
- The standard should allow signing of XML elements (including other signature elements),
preferably through a standard pointing mechanism such as XLink.
- The standard should allow signing of pieces of a composite document, or the signing of
an arbitrary combination of pieces in a composite document. Signed pieces and their
signatures should be removable from a composite document without compromising
authentication of these pieces.
- The standard should allow signing of both internal and external elements.
- The standard should allow signing of MIME types (e.g. application/pdf) in their native
format (even though they are encoded base64 within XML).
- The indirect signing of a manifest (re the Brown draft) looks like a good idea, because
metadata and signature context can be signed along with the document. The standard should
allow the user to add extensions to this metadata.
- It should be possible to include a digital certificate and/or digital certificate
reference in the XML document, referred to by the signature elements (e.g. IDREF).
- The document should be canonicalized to the DOM format of the document for hashing.
Namespaces, DTD fixed/default attributes, and DTD general entity replacement value
canonicalization should probably be included in the hash so that the context of the
original document can be recreated as closely as possible.
- Comment hashing probably won't be necessary, but perhaps there could be an option
(attribute) that allows their inclusion if desired.
- White space can probably be safely ignored in the hash. If formatting is important, an
XSL (or other formatting language) could be included and signed.
- We seek non-proprietary solutions.
Richard Himes
<rhimes@nmcourt.fed.us>
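The hashing points in the list above (digest taken over the DOM, white space ignored, comments optional, pieces removable from a composite document) are illustrated by the following added example, which is not part of the original paper and is not the DOMHASH algorithm from the Maruyama draft. It is a simplified SHA-256 digest over a parsed DOM; the element names, the `id` convention and the `urn:example:filing` namespace are constructed for illustration, and DTD defaults and entity replacement are not covered.

```python
import hashlib
from xml.dom import minidom, Node, XMLNS_NAMESPACE

def _h(tag, *parts):
    """SHA-256 over a node-type tag and length-prefixed parts."""
    d = hashlib.sha256(tag)
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def dom_digest(elem, include_comments=False):
    """Digest an element subtree from its parsed DOM, not its serialized bytes."""
    # Namespace URI + local name are hashed, so the prefix spelling is irrelevant.
    attrs = sorted((a.namespaceURI or "", a.localName, a.value)
                   for a in elem.attributes.values()
                   if a.namespaceURI != XMLNS_NAMESPACE)  # skip xmlns declarations
    parts = [(elem.namespaceURI or "").encode(), elem.localName.encode(),
             str(len(attrs)).encode()]
    parts += [field.encode() for attr in attrs for field in attr]
    text = []
    def flush():  # collapse whitespace runs; whitespace-only text is dropped
        s = " ".join("".join(text).split())
        text.clear()
        if s:
            parts.append(_h(b"T", s.encode()))
    for c in elem.childNodes:
        if c.nodeType in (Node.TEXT_NODE, Node.CDATA_SECTION_NODE):
            text.append(c.data)
        elif c.nodeType == Node.COMMENT_NODE and include_comments:
            flush()
            parts.append(_h(b"C", c.data.encode()))
        elif c.nodeType == Node.ELEMENT_NODE:
            flush()
            parts.append(dom_digest(c, include_comments))
    flush()
    return _h(b"E", *parts)

def piece(xml, piece_id):
    """Find the element whose id attribute equals piece_id (constructed convention)."""
    root = minidom.parseString(xml).documentElement
    for e in [root] + root.getElementsByTagName("*"):
        if e.getAttribute("id") == piece_id:
            return e
    raise KeyError(piece_id)

# Constructed samples: one piece inside a composite filing, then on its own.
COMPOSITE = b"""<f:filing xmlns:f="urn:example:filing">
  <f:motion id="m1" court="NM" type="dismiss"> Motion   to dismiss <!-- clerk note -->
  </f:motion><f:exhibit id="x1">Exhibit A</f:exhibit></f:filing>"""
STANDALONE = b'<x:motion xmlns:x="urn:example:filing" type="dismiss" court="NM" id="m1">Motion to dismiss</x:motion>'
```

The motion hashes to the same value inside the composite filing and after removal, despite different white space, attribute order and namespace prefix; with `include_comments=True` the clerk's comment becomes part of the digest and the two values differ.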